Bad Security Moon Rising

The cybersecurity world is awash in oceans of porn, blown water pumps and civil liberties rhetoric. Facebook was slammed with an attack recently that left some users reaching for a bottle of eye bleach, while hackers elsewhere apparently were able to temporarily control parts of a small public utility. Meanwhile, the DoJ sought new powers that could impact you if you ever use an assumed name anywhere online.

All things considered, this past week has been hell on security professionals.

On Monday, AT&T Wireless announced that hackers used automatic scripts to target some subscribers in a bid to steal information stored in their online accounts. They apparently didn't succeed.

Hackers have breached security at utilities in Springfield, Ill., and in South Houston, Texas, in what might prove to be a sign of things to come.

Meanwhile, Norway's oil, gas and defense installations also were breached.

On the mobile front, security vendors are once again saying that Android is fast becoming a major mobile threat, echoing a warning that's growing all too familiar.

Cybermiscreants last week also made friending painful, flooding some Facebook users' accounts with porn and gore, eliciting complaints and, in some cases, cancellations.

Eager to come to grips with cybersecurity issues, the United States is seeking to criminalize violations of a given site's TOS on the one hand, and gunning for Chinese communications companies Huawei and ZTE on the other.

No Power to the People

A hacker apparently reconfigured the SCADA (supervisory control and data acquisition) system at a small water utility in Springfield, Ill., causing a pump to break down.

Another hacker, with the handle "pr0f," claimed to have cracked the system of a utility serving the city of South Houston and posted screenshots of its IT infrastructure.

SCADA systems are used in industries like electric utilities whose demands and processes aren't designed with security in mind, Joseph Weiss, managing partner at Applied Control Solutions, told TechNewsWorld.

Is Electric Utility Security a Damp Squib?

The utilities don't want to face the issue, Weiss alleged.

"I just held my latest annual conference on cyber control systems, and EPRI and NERC weren't there," Weiss said. "They don't want to hear this. It just doesn't make sense."

EPRI, the Electric Power Research Institute, is funded by electric utilities that together generate and distribute more than 90 percent of the electricity consumed in the United States. NERC,the North American Electric Reliability Corporation, ensures the reliability of the North American bulk power system.

EPRI didn't respond to requests for comment by press time.

Android's a Pain in the Mobile Device

That's possibly tied in with the skyrocketing popularity of Android gadgets. They accounted for more than 52 percent of smartphone sales to end users worldwide in the third quarter, more than doubling market share year over year, according to Gartner.

However, they're also becoming a increasingly popular target for malware, according to recent studies produced by Juniper Networks and McAfee.

Security experts partially blame Google's laissez-faire attitude toward vetting Android apps for the maladies, and they're once again voicing concern on that issue.

Subverting Facebook Friendships

Facebook was hit hard this past week by hackers that managed to pepper some members' News Feeds with images that were gory, pornographic or, in some cases, both.

"This particular outbreak of inappropriate imagery could [lead to] a second, third or deeper wave of attacks that keep riding on one another in a never-ending cycle," Armando Carillo Jr., Web media manager at Zvelo, told TechNewsWorld.

The attackers employed self-inflicted JavaScript injection, a technique that "is not new but also is not that common," Mike Geide, senior security researcher at Zscaler ThreatLabZ, told TechNewsWorld.

Essentially, potential victims are encouraged to cut and paste a line of JavaScript code that "can contain a variety of functionalities" into their browser bar, Geide said.

Fly Like an Eagle

American lawmakers are responding to the multifarious cyberthreats facing the U.S.

The U.S. House of Representatives' committee on intelligence has begun investigating a possible threat from the penetration of Chinese owned-telecoms companies, including Huawei and ZTE, into U.S. telecommunications infrastructure.

Meanwhile, the U.S. Defense Department has renewed warnings that the country reserves the right to retaliate with military force against a cyberattack.

Finally, the U.S. Department of Justice has begun seeking harsher penalties for various unlawful online activities. It's also seeking to make it a crime to violate websites' terms of service, a measure that could theoretically criminalize the use of an alias when creating a profile on a site.

The DoJ told Congress that this measure's necessary in order to stop unauthorized access by insiders to sensitive information.

That has privacy advocates worried.

"There's a lot of people who, for legitimate reasons, assume a different identity online," Gregory Nojeim, director of the project on freedom for the Center for Democracy and Technology, told TechNewsWorld.